Bug 768934 - Protocol error in proxied operations
Summary: Protocol error in proxied operations
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.5
Hardware: Unspecified
OS: Linux
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 389_1.2.10 781537
TreeView+ depends on / blocked
Reported: 2011-12-19 13:16 UTC by Juan
Modified: 2015-01-04 23:51 UTC (History)
1 user (show)

Fixed In Version: 389-ds-base-1.2.10.rc1
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 781537 (view as bug list)
Last Closed: 2012-02-07 16:11:15 UTC

Attachments (Terms of Use)

Description Juan 2011-12-19 13:16:59 UTC
Description of problem:

I am trying to test the proxied operations in 389 DS. For now, I have
written a small script using UnboundID LDAP SDK [1]:

ModifyRequest modifyRequest = new ModifyRequest("uid=XXXXXXXX,ou=People,o=XXXXXXXX,dc=XXXXXXXX,dc=XXXXXXXX",
new Modification(ModificationType.REPLACE, "address", "Nueva
modifyRequest.addControl(new ProxiedAuthorizationV2RequestControl(
"dn:" + proxiedUserEntry.getDN()) );

   LDAPResult modifyResult =
   // If we got here, then the modify was successful.
catch (LDAPException le)
   System.out.println(le.getDiagnosticMessage() + " (" +
le.getResultCode() + ")");

Although I have not yet assigned any ACIS as described in [2], I
supposed to get a denied response, not a protocol error as I get:

unable to parse proxied authorization control (2 (protocol error))

This error is returned by the LDAP server, although it is not
reported in the error LOG.

[1] http://www.unboundid.com/products/ldapsdk/docs/javadoc/index.html
[2] http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Access_Control-Access_Control_Usage_Examples.html#Access_Control_Usage_Examples-Proxied_Authorization_ACI_Example

Version-Release number of selected component (if applicable): Tested in 1.2.5

How reproducible / Steps to Reproduce:

Running the code below.

Actual results:

unable to parse proxied authorization control (2 (protocol error))

Expected results:

An access denied in this case, as not applied any proxying configuration, or the actual proxied search result if configured.

Comment 1 Martin Kosek 2012-01-04 12:57:39 UTC
Upstream ticket:

Comment 2 Rich Megginson 2012-01-10 18:04:38 UTC
marking as screened because it has been cloned upstream

Comment 3 Rich Megginson 2012-02-07 16:11:15 UTC
Fixed in 389-ds-base-1.2.10.rc1 now in Fedora/EPEL Testing

Note You need to log in before you can comment on or make changes to this bug.